Revision 600535f0

b/lib/bootstrap.py
1 1
#
2 2
#
3 3

  
4
# Copyright (C) 2006, 2007, 2008 Google Inc.
4
# Copyright (C) 2006, 2007, 2008, 2010 Google Inc.
5 5
#
6 6
# This program is free software; you can redistribute it and/or modify
7 7
# it under the terms of the GNU General Public License as published by
......
149 149
  """Setup the necessary configuration for the initial node daemon.
150 150

  
151 151
  This creates the nodepass file containing the shared password for
152
  the cluster and also generates the SSL certificate.
152
  the cluster, generates the SSL certificate and starts the node daemon.
153

  
154
  @type master_name: str
155
  @param master_name: Name of the master node
153 156

  
154 157
  """
155 158
  # Generate cluster secrets
......
322 325
    hv_class = hypervisor.GetHypervisor(hv_name)
323 326
    hv_class.CheckParameterSyntax(hv_params)
324 327

  
325
  # set up the inter-node password and certificate
328
  # set up the inter-node password and certificate, start noded
326 329
  _InitGanetiServerSetup(hostname.name)
327 330

  
328 331
  # set up ssh config and /etc/hosts
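--- a/lib/constants.py
+++ b/lib/constants.py
@@ -222,6 +222,12 @@
 # Digest used to sign certificates ("openssl x509" uses SHA1 by default)
 X509_CERT_SIGN_DIGEST = "SHA1"
 
+# Default validity of certificates in days
+X509_CERT_DEFAULT_VALIDITY = 365 * 5
+
+# commonName (CN) used in certificates
+X509_CERT_CN = "ganeti.example.com"
+
 X509_CERT_SIGNATURE_HEADER = "X-Ganeti-Signature"
 
 IMPORT_EXPORT_DAEMON = _autoconf.PKGLIBDIR + "/import-export"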
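Review bot: `X509_CERT_CN` gives every certificate generated with the default the same subject and issuer, `ganeti.example.com`, so the name carries no identity and a peer cannot be validated against it. If peers are authenticated by comparing the certificate itself rather than its name (not visible on this page), the comment on the constant should say so, for example `# Placeholder CN shared by all clusters; never use it to identify a peer`. The five-year `X509_CERT_DEFAULT_VALIDITY` would also benefit from a line stating how the certificate is meant to be renewed before it expires. The SHA1 digest on the context line above is unchanged by this commit but is worth revisiting separately.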
b/lib/utils.py
1 1
#
2 2
#
3 3

  
4
# Copyright (C) 2006, 2007 Google Inc.
4
# Copyright (C) 2006, 2007, 2010 Google Inc.
5 5
#
6 6
# This program is free software; you can redistribute it and/or modify
7 7
# it under the terms of the GNU General Public License as published by
......
3365 3365
  return (key_pem, cert_pem)
3366 3366

  
3367 3367

  
3368
def GenerateSelfSignedSslCert(filename, validity=(5 * 365)):
3368
def GenerateSelfSignedSslCert(filename, common_name=constants.X509_CERT_CN,
3369
                              validity=constants.X509_CERT_DEFAULT_VALIDITY):
3369 3370
  """Legacy function to generate self-signed X509 certificate.
3370 3371

  
3372
  @type filename = str
3373
  @param filename = path to write certificate to
3374
  @type common_name: string
3375
  @param common_name: commonName value
3376
  @type validity: int
3377
  @param validity: validity of certificate in number of days
3378

  
3371 3379
  """
3372
  (key_pem, cert_pem) = GenerateSelfSignedX509Cert(None,
3380
  # TODO: Investigate using the cluster name instead of X505_CERT_CN for
3381
  # common_name, as cluster-renames are very seldom, and it'd be nice if RAPI
3382
  # and node daemon certificates have the proper Subject/Issuer.
3383
  (key_pem, cert_pem) = GenerateSelfSignedX509Cert(common_name,
3373 3384
                                                   validity * 24 * 60 * 60)
3374 3385

  
3375 3386
  WriteFile(filename, mode=0400, data=key_pem + cert_pem)
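Review bot: The two new docstring fields for `filename` use `=` where the other fields in the same docstring use a colon, so `@type filename = str` and `@param filename = path to write certificate to` will probably not be picked up as fields by the doc tool. The `WriteFile` call on the last line stores the private key together with the certificate, so I would write them as `@type filename: str` and `@param filename: path to write private key and certificate to`. The TODO also names `X505_CERT_CN`, which should read `X509_CERT_CN`. The function may continue past the end of this hunk, which the page does not show.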
